package org.kong.security;

import org.kong.filter.JwtAuthenticationTokenFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.web.access.AccessDeniedHandler;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

/**
 * 加油
 *
 * @author konglingfeng
 * @date 2025/8/20
 * @desc
 */
@Configuration
/**
 * 开启全局方法安全
 * securedEnabled = true 开启@Secured注解
 * prePostEnabled = true 开启@PreAuthorize和@PostAuthorize注解
 * jsr250Enabled = true 开启@RolesAllowed注解
 */
@EnableGlobalMethodSecurity(securedEnabled = true, prePostEnabled = true)
public class SecurityConfig extends WebSecurityConfigurerAdapter {


    @Autowired
    private UserDetailsService userDetailsService;

    /**
     * 用于处理认证异常的类
     */
    @Autowired
    private AuthenticationEntryPointImpl unauthorizedHandler;

    /**
     * 注入处理权限异常的类
     */
    @Autowired
    private AccessDeniedHandler accessDeniedHandler;
    /**
     * 注入JWT工具类
     */
    @Autowired
    private JwtAuthenticationTokenFilter authenticationTokenFilter;

    // 新增代码，用于获取AuthenticationManager对象，在登录的业务层进行调用
    @Bean
    @Override
    public AuthenticationManager authenticationManagerBean() throws Exception {
        return super.authenticationManagerBean();
    }

    //这个方法是用于配置认证信息,
    //是将WebSecurityConfigurerAdapter中的configure(AuthenticationManagerBuilder auth)进行了重写
    // 配置认证信息,使用userDetailsService去进行验证
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        // 配置认证信息,使用userDetailsService去进行验证
        auth.userDetailsService(userDetailsService).passwordEncoder(new BCryptPasswordEncoder());
    }

    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests()

                .antMatchers("/user/login").permitAll()
                .antMatchers("/**").authenticated();
                // .and()
                // .formLogin();
        http.cors().and().csrf().disable();
        http.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
        // 设置认证失败时的处理类
        http.exceptionHandling().authenticationEntryPoint(unauthorizedHandler);
        // 设置权限异常时的处理类
        http.exceptionHandling().accessDeniedHandler(accessDeniedHandler);

        http.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
    }
}
